Fraud resistant passcode entry system

ABSTRACT

A method for user passcode authentication. The method includes accessing a user information database with predefined user input option parameters and generating a random arrangement of input options from the predefined user input option parameters. The method includes manifesting the random arrangement of input options on an interactive display interface and receiving a selection of the interactive display interface input options. The method also includes comparing the received selection of interactive display interface options to the predefined user input option parameters.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the priority benefit of U.S. Provisional PatentApplication Ser. No. 61/638,223, filed on Apr. 25, 2012, which is herebyincorporated herein by reference.

BACKGROUND

In the modern world, computerized systems are responsible forcollecting, transmitting, and storing an ever-increasing amount ofinformation. These systems are necessary as the need to quickly andaccurately access information has become critical in everyday operationsupon which business and economy are dependent. While technologicaladvances have helped protect sensitive data from unauthorized accessduring transmission and storage, little has changed in the means bywhich data is entered and accessed by authorized individuals.

Through advances in encryption and more powerful computer systems, datastorage and transmission have reached a level of security never beforeknown by human civilization. Once data is gathered by a system, it canbe stored and shared among other systems with little or no chance ofunauthorized disclosure. Even highly technical methods for acquiringstored or transmitted data which has been properly protected throughunauthorized means are impractical at best, and pose no significantthreat to data security.

There exist a number of weaknesses in the methods commonly used forsecure data entry and improperly secured transmission, all of which havebeen exploited to gain access to secure information. These exploitationsrange from the use of multiple electronic devices to simple observation.The weakest points in data security management are typically theindividuals themselves and the human-machine interfaces (HMI) throughwhich data is accessed and stored.

Individuals should always guard any sensitive information to prevent theacquisition of the information by others. Such measures include:refraining from discussion of sensitive information while in unsecuresettings, restricting any conveyance of information to secure methods,avoiding documentation practices such as recording information usingunsecure methods through writing or storage on personal computers,protecting identification devices such as badges and cards from beinglost or stolen, and other methods considered by most to be common-sensepractices.

Many HMI's are designed with measures in place to help prevent unplanneddisclosure of secure information. Unfortunately, many of these measureshave proven to be insufficient as these interfaces have becomeincreasingly prolific in society. One such practice is to obscurevalues, once entered, by masking them with a generic character, such asan asterisk. While this actively hides the final data provided to thesystem from onlookers, it does nothing to conceal the action ofselecting the individual values as the data is entered. Another lesscommon practice is the repositioning of virtual keys on graphicaldisplay devices between uses. This design helps to ensure thatobservance of data entry from a distance will not disclose the enteredinformation through the movements of the individual using the interface.Once again, however, this provides no protection from close observation.

One of the most common uses of secure data access in society today isfocused around the use of automated teller machines (ATMs) and debitcard transactions. Despite methods to protect financial account access,billions of dollars are stolen annually in the United States alonethrough debit and credit card fraud. In the case of ATM and debittransactions, the only pieces of information required to gain accountaccess are an account number and its associated personal identificationnumber (PIN). Of these two, only the PIN is kept secret and iscontrolled by the individual owning the account.

The PIN, a four digit number, only allows for ten thousand possiblecombinations. Additionally, some PIN combinations are statisticallypreferred over others due to their ease of being remembered, theirassociation with physical patterns on the numeric keypad used during PINentry, and the association of numbers with groups of letters, allowingthe PIN to be translated in to words. These commonly used PINs can beexploited to increase the probability of correctly guessing a PIN tomatch a given account.

Several methods may be used to obtain an account number and theassociated PIN. Shoulder surfing is the act of observing an individualwhile entering their PIN with the goal of gaining the individual's PINfor future use. A similar scheme involves the use of a skimming device,which is attached over the card entry location and is designed to appearas part of the ATM, in conjunction with a strategically placed camera.When an individual inserts their card into the ATM, the skimming devicealso reads the account number encoded on the card. The camera thenrecords the PIN as the individual provides it to the system, therebycollecting both the account number and the associated PIN.

Debit transactions occurring at a point of sale are in many cases storedon local systems, then processed as a group periodically or at the endof the business day. Such storage of account numbers and PINs can be atarget in an attempt to acquire the information, especially since theyare stored in large quantities.

Other common points of weakness are, data line monitoring, data centerbreaches, and lost, stolen, or fraudulent cards. Data line monitoringcan be a security weakness if the data is not encrypted properly beforetransmission or if the encryption is compromised; however, properimplementation and maintenance can prevent this being an issue. Lost,stolen, or fraudulent cards and data center breaches only put at riskthe account numbers, not their associated PINs.

The present invention addresses all of these weaknesses, as well asoffers improved measures of protection to areas which are not consideredimmediate risks.

Accordingly, it can be seen that there exists a need for a better wayfor preventing passcode fraud. It is to the provision of solutions tothis and other problems that the present invention is primarilydirected.

SUMMARY OF THE INVENTION

In accordance with an embodiment of the present invention, a method isprovided for entering and verifying a passcode. The general method forpasscode entry includes: presenting to a client a predeterminedinterface layout; entry of a passcode by the client via the selection ofkeys associated with properties corresponding to those required forsuccessful passcode verification; verification of the entered passcodeupon completion of passcode entry; either allowing or denying thedesired access depending upon the verification results of the passcode.

In another aspect, the invention relates to a method for user passcodeauthentication. The method includes accessing a user informationdatabase with predefined user input option parameters and generating arandom arrangement of input options from the predefined user inputoption parameters. The method includes manifesting the randomarrangement of input options on an interactive display interface andreceiving a selection of the interactive display interface inputoptions. The method also includes comparing the received selection ofinteractive display interface options to the predefined user inputoption parameters.

In another aspect, the invention relates to a method for user passcodecreation. The method includes receiving a selected passcode with anarrangement of inputs having two or more different properties from agroup comprising numbers, characters, symbols, colors, patterns, sounds,textures, topology, location, orientation, or relative position withrespect to the interface. The passcode is received on a user interface.The method also includes storing the selected passcode in a userdatabase.

In another aspect, the invention relates to a system for passcodevalidation. The system includes a user interface display with aplurality of keys. Each key has at least two different dynamic propertyoptions. The system has a database in communication with the userinterface. The database is configured to receive selected propertyoption information from the user interface display. The database isconfigured to send variable property option information to the userinterface display.

In accordance with a more particular embodiment of the presentinvention, the predetermined interface layout used during passcode entryincludes a plurality of virtual keys manifested in a definedconfiguration via a device.

In accordance with a more particular embodiment of the presentinvention, the device used during passcode entry can partially include agraphical interface.

In accordance with a more particular aspect of the present invention,each of the virtual keys presented during passcode entry are associatedwith a plurality of properties, a property being a combination of aninterface representation and an interpretation value. The interfacerepresentation is the manifestation of the property via the deviceproviding the human interface. The interpretation value is the identityof the property by which it is identified by the system.

In accordance with another aspect of the present invention, theproperties associated with the virtual keys are defined in property sets(a property set being a group of properties). During passcode entry,each virtual key is associated with a single property from each of theplurality of property sets.

In accordance with another aspect of the present invention, uponcompletion of passcode entry, the interpretation values of theproperties associated with the selected virtual keys are compared withthe interpretation values of the passcode previously recorded as validduring the passcode creation process.

In accordance with another more particular embodiment of the presentinvention, upon completion of passcode entry, the property sets fromwhich the properties associated with the selected virtual keysoriginated are compared with the property sets of the passcodepreviously recorded as valid during the passcode creation process.

In accordance with another aspect of the present invention, the propertyassociations with each of the virtual keys are re-assigned in agenerally random manner upon each use of the passcode entry interface.

In accordance with a more particular aspect of the present invention,the process by which the property associations with each of the virtualkeys includes: a) the calculation of a number being the optimally securenumber of property sets to group together; b) selecting in a generallyrandom manner a number of property sets equal to the previouslycalculated value; c) re-associating the properties within the selectedproperty sets collectively as a group across the plurality of virtualkeys in a generally random manner; d) manifestation of the updatedinterface via the device.

In accordance with a more particular embodiment of the presentinvention, one of the property sets used during passcode entry can bestatic, thereby being excluded from the generally random propertyre-assignment.

In accordance with another embodiment of the present invention, a methodis provided for passcode creation. The general method for passcodecreation includes: a) presenting to a client a predetermined interfacelayout; b) entry of desired passcode by the client via the selection ofvirtual keys which are associated with properties; c) indication by theclient that passcode entry is complete; d) recording of the enteredpasscode by the system for future use in attempting access.

In accordance with a more particular embodiment of the presentinvention, the predetermined interface layout used during passcodecreation is composed of a plurality of virtual keys manifested in adefined configuration via a device.

In accordance with a more particular embodiment of the presentinvention, the device used during passcode creation can partiallyinclude of a graphical interface.

In accordance with a more particular embodiment of the presentinvention, the virtual keys presented during passcode creation are eachassociated with a single property, the property being a combination ofan interface representation and an interpretation value. The interfacerepresentation is the manifestation of the property via the deviceproviding the human interface. The interpretation value is the identityof the property by which it is identified by the system.

In accordance with another particular embodiment of the presentinvention, the virtual keys presented during passcode creation are eachassociated with a plurality of properties, a property being acombination of an interface representation and an interpretation value.The interface representation is the manifestation of the property viathe device providing the human interface. The interpretation value isthe identity of the property by which it is identified by the system.

In accordance with another aspect of the particular embodiment of thepresent invention, the selection of a virtual key causes themanifestation of a plurality of virtual keys equal to the number ofproperties associated to the selected virtual key, each of themanifested virtual keys being associated with one of the propertiesassociated with the selected virtual key. The desired property to beincluded in passcode creation is then chosen by selecting the manifestedvirtual key associated with the desired property.

In accordance with another aspect of the present invention, uponcompletion of passcode creation, the interpretation values of theproperties associated with the selected virtual keys are recorded forfuture use in attempting access via the passcode entry process.

In accordance with another more particular embodiment of the presentinvention, upon completion of passcode creation, the property set fromwhich each of the properties has been chosen is recorded as a propertypattern in addition to the recording of the interpretation values.

In accordance with another embodiment of the present invention, a methodis provided for secure passcode creation. The general method for securepasscode creation includes: presenting to a client a predeterminedinterface layout; entry of desired passcode by the client via theselection of virtual keys which are associated with properties;indication by the client that passcode entry is complete; re-associatingthe properties within the selected property sets across the plurality ofvirtual keys in a generally random manner through the use of a propertydispersion algorithm which ensures that properties initially associatedas a group with any given virtual key are not associated as a group withany virtual key following the re-association; manifestation of theupdated interface via the device; re-entry of desired passcode asconfirmation by the client via the selection of virtual keys which havebeen re-associated with properties; verification that initial passcodeentry and passcode confirmation entry share in common the sameproperties for each position within the desired passcode; recording ofthe entered passcode by the system for future use in attempting access.

In accordance with another more particular embodiment of the presentinvention, methods are described for conversion of passcodes intotraditional PINs for both passcode creation and account access entry tobe used with current banking systems.

One advantage of the present invention is that passcode disclosurethrough any means of observation requires multiple observations of thepasscode entry process for the same passcode. Multiple observations donot guarantee passcode disclosure, as the probability of the propertyre-association process between passcode entry attempts is generallyrandom. The probability of passcode disclosure is inversely proportionalto the number of property sets utilized, the number of virtual keysdefined for the interface configuration, the number of unique propertiesdefined in each of the property sets, and the length of the passcode.

Another advantage of the present invention is that all existingpassword/PIN schemes are inherently supported without requiring existingpasswords/PINs to be disposed of and/or reset. Still further advantagesand benefits of the present invention will become apparent to those ofordinary skill in the art upon reading and understanding thisspecification.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention may take form in various components andarrangements of components, and/or in various steps and arrangements ofsteps. The drawings are only for purposes of illustrating preferredembodiments and are not to be construed as limiting the invention.

FIG. 1 illustrates an exemplary embodiment of a virtual key arrangementutilizing property sets for use during the process of passcode entry andverification having similarities to commonly-used numeric keypads.

FIG. 2 illustrates an exemplary embodiment of a physical or virtual keyarrangement which may be used during the process of creating a passcodefor use with the passcode entry virtual key arrangement shown in FIG. 1.

FIG. 3 illustrates a first example high-level logical process flowdiagram for the creation of a passcode accompanying the use of a keyarrangement similar to the one shown in FIG. 2.

FIG. 3 a illustrates an alternative high-level logical process flowdiagram for the creation of a passcode and associated property patternaccompanying the use of a key arrangement similar to the one shown inFIG. 2.

FIG. 4 illustrates a second exemplary embodiment of a virtual keyarrangement utilizing property sets which can be used during the processof creating a passcode for use with the passcode entry virtual keyarrangement shown in FIG. 1.

FIG. 5 illustrates a second example high-level logical process flowdiagram for the creation of a passcode accompanying the use of a keyarrangement similar to the one shown in FIG. 4.

FIG. 5 a illustrates an alternative high-level logical process flowdiagram for the creation of a passcode and associated property patternaccompanying the use of a key arrangement similar to the one shown inFIG. 4.

FIG. 6 illustrates a third example high-level logical process flowdiagram for the creation of a passcode which accommodates the use of keyarrangements similar to those shown in both FIG. 2 and FIG. 4.

FIG. 6 a illustrates an alternative high-level logical process flowdiagram for the creation of a passcode and associated property patternwhich accommodates the use of key arrangements similar to those shown inboth FIG. 2 and FIG. 4.

FIG. 7 illustrates an example of the virtual key arrangement utilizingproperty sets for use during the process of passcode entry following are-association of the properties to the virtual keys shown in FIG. 1.

FIG. 8 illustrates a fourth example high-level logical process flowdiagram for the entry and verification of a passcode.

FIG. 8 a illustrates an alternative high-level logical process flowdiagram to that shown in FIG. 8, showing the entry and verification of apasscode for an embodiment allowing a device utilized for passcode entryto have foreknowledge of a property pattern associated with a validpasscode.

FIG. 8 b illustrates an alternative high-level logical process flowdiagram to that shown in FIG. 8, showing the entry and verification of apasscode for an embodiment allowing a device utilized for passcodevalidation to have knowledge of a property pattern associated with avalid passcode.

FIG. 9 illustrates a first alternative example of a virtual keyarrangement following a second re-association of the properties to thevirtual keys shown in FIG. 1, utilizing property sets for use during theprocess of passcode entry.

FIG. 10 illustrates a second alternative example of a virtual keyarrangement following a re-association of the properties to the virtualkeys shown in FIG. 1, utilizing property sets for use during the processof passcode entry, having the numbers property set frozen.

FIG. 11 illustrates a third alternative example of a virtual keyarrangement following a second re-association of the properties to thevirtual keys shown in FIG. 1, utilizing property sets for use during theprocess of passcode entry, having the numbers property set frozen.

FIG. 12 illustrates a fourth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having the shape of the virtual keysbeing a property set.

FIG. 13 illustrates a fifth alternative example of a virtual keyarrangement following a re-association of the properties to the virtualkeys shown in FIG. 12, utilizing property sets for use during theprocess of passcode entry.

FIG. 14 illustrates a sixth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having the shapes of the virtual keysbeing oriented differently.

FIG. 15 illustrates a seventh alternative example of a virtual keyarrangement following a re-association of the properties to the virtualkeys shown in FIG. 14, utilizing property sets for use during theprocess of passcode entry.

FIG. 16 illustrates an eighth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having language independent propertysets.

FIG. 17 illustrates a ninth alternative example of a virtual keyarrangement following a re-association of the properties to the virtualkeys shown in FIG. 16, utilizing property sets for use during theprocess of passcode entry.

FIG. 18 illustrates a tenth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having a numeric property set with morethan one digit.

FIG. 19 illustrates an eleventh alternative example of a virtual keyarrangement following a re-association of the properties to the virtualkeys shown in FIG. 18, utilizing property sets for use during theprocess of passcode entry.

FIG. 20 illustrates a twelfth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having a property set being associatedwith key proximity rather than key identity.

FIG. 21 illustrates a thirteenth alternative example of a virtual keyarrangement following a re-association of the properties to the virtualkeys shown in FIG. 20, utilizing property sets for use during theprocess of passcode entry.

FIG. 22 illustrates a fourteenth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having physically-depressed keys beingassociated through key proximity.

FIG. 23 illustrates a fifteenth alternative example of a virtual keyarrangement following a re-association of the properties to the keysshown in FIG. 22, utilizing property sets for use during the process ofpasscode entry having physically-depressed keys being associated throughproximity.

FIG. 24 illustrates a sixteenth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having physically-depressed keys beingassociated through relative positioning.

FIG. 25 illustrates a seventeenth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having physically-depressed keys beingindividually capable of altering their physical appearance.

FIG. 26 illustrates an eighteenth alternative example of a virtual keyarrangement following a re-association of the properties to the virtualkeys shown in FIG. 25, utilizing property sets for use during theprocess of passcode entry having physically-depressed keys beingindividually capable of altering their physical appearance.

FIG. 27 illustrates a nineteenth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification, having an interface capable ofproducing braille.

FIG. 28 illustrates a twentieth alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification, having an interface capable ofproducing braille.

FIG. 29 illustrates a twenty-first alternative example of a virtual keyarrangement utilizing property sets for use during the process ofpasscode entry and verification having an interface capable of producingbraille.

FIG. 30 illustrates a twenty-second alternative example of a virtual keyarrangement following a re-association of the properties shown in FIG.29, utilizing property sets for use during the process of passcode entryhaving an interface capable of producing braille.

FIG. 31 illustrates a twenty-third alternative exemplary embodiment of avirtual key arrangement utilizing property sets for use during theprocess of passcode entry and verification, having property sets withempty properties.

FIG. 32 illustrates a high-level logical process flow diagram as anexample which may be used in the association of properties to virtualkeys step shown in steps 805, 805 a, and 805 b of FIGS. 8, 8 a, and 8 b,respectively.

FIG. 33 illustrates a high-level logical process flow diagram as anexample which may be used in the selection of property sets to groupduring property shuffling step shown in steps 815, 815 a, and 815 b ofFIGS. 8, 8 a, and 8 b, respectively.

FIG. 34 illustrates a high-level logical process flow diagram as anexample which may be used in the shuffling of properties across virtualkeys step shown in steps 820, 820 a, and 820 b of FIGS. 8, 8 a, and 8 b,respectively.

FIG. 35 illustrates a high-level logical process flow diagram as anexample which may be used in the calculation of the number of propertysets to utilize during the shuffling of the property associations to thekeys. This process is a more detailed look at steps 810, 810 a, and 810b in FIGS. 8, 8 a, and 8 b, respectively.

FIG. 36 a partially illustrates a high-level logical process flowdiagram example of a property dispersion algorithm which can be utilizedin passcode system embodiments implementing a secure passcode creationmethod.

FIG. 36 b illustrates the remainder of the high-level logical processflow diagram example of a property dispersion algorithm started in FIG.36 a.

FIG. 37 illustrates a high-level logical process flow diagram example ofa property static value initialization routine to be executed as asubroutine in conjunction with the property dispersion algorithmdepicted in FIG. 36 a and FIG. 36 b.

FIG. 38 illustrates a high-level logical process flow diagram example ofa routine to get key non-static properties to be executed as asubroutine in conjunction with the property dispersion algorithmdepicted in FIG. 36 a and FIG. 36 b.

FIG. 39 illustrates a high-level logical process flow diagram example ofa routine to get selected keys to be executed as a subroutine inconjunction with the property dispersion algorithm depicted in FIG. 36 aand FIG. 36 b.

FIG. 40 illustrates a high-level logical process flow diagram example ofa routine to get key maximum non-static properties to be executed as asubroutine in conjunction with the property dispersion algorithmdepicted in FIG. 36 a and FIG. 36 b and the get selected keys routinedepicted in FIG. 39.

FIG. 41 illustrates a high-level logical process flow diagram example ofa routine to update property static values to be executed as asubroutine in conjunction with the property dispersion algorithmdepicted in FIG. 36 a and FIG. 36 b.

FIG. 42 illustrates a high-level logical process flow diagram example ofa routine to get keys to be executed as a subroutine in conjunction withthe property dispersion algorithm depicted in FIG. 36 a and FIG. 36 b.

FIG. 43 illustrates a high-level logical process flow diagram example ofa routine to swap key properties to be executed as a subroutine inconjunction with the property dispersion algorithm depicted in FIG. 36 aand FIG. 36 b.

FIG. 44 illustrates an example of property sets configured to beutilized in passcode system embodiments integrating with current bankingsystems as described in FIG. 45 and FIG. 46. These property sets arealso used in FIG. 48 and FIG. 49 to depict an example of an embodimentimplementing a secure passcode creation method.

FIG. 45 illustrates a method by which a passcode can be created andconverted into a traditional PIN to be utilized by a current bankingsystem

FIG. 46 illustrates a method by which a passcode can be entered foraccount access and converted into a traditional PIN to be utilized by acurrent banking system.

FIG. 47 illustrates an additional exemplary embodiment of a virtual keyarrangement based on the property sets depicted in FIG. 44 utilizingproperty sets for use during the process of passcode entry andverification.

FIG. 48 illustrates an example of the virtual key arrangement utilizingproperty sets depicted in FIG. 44 following the execution of theproperty dispersion algorithm shown in FIG. 36 a and FIG. 36 b asapplied to the virtual keys shown in FIG. 47.

FIG. 49 illustrates an example high-level logical process flow diagramfor the secure creation of a passcode accompanying the use of a keyarrangement similar to those shown in FIG. 47 and FIG. 48.

FIG. 50 is a schematic diagram of a fraud resistant passcode entrysystem that functions with the embodiments shown in FIGS. 1-49,according to an example embodiment.

DETAILED DESCRIPTION

It is to be understood that this invention is not limited to thespecific devices, methods, conditions, or parameters described and/orshown herein, and that the terminology used herein is for the purpose ofdescribing particular embodiments by way of example only. Thus, theterminology is intended to be broadly construed and is not intended tobe limiting of the claimed invention. For example, as used in thespecification including the appended claims, the singular forms “a,”“an,” and “one” include the plural, the term “or” means “and/or,” andreference to a particular numerical value includes at least thatparticular value, unless the context clearly dictates otherwise. Inaddition, any methods described herein are not intended to be limited tothe sequence of steps described but can be carried out in othersequences, unless expressly stated otherwise herein.

The following is intended to provide a detailed description of examplesof the invention and should not be taken to be limiting of the inventionitself. Rather, any number of variations may fall within the scope ofthe invention, which is defined in the claims following the description.

FIG. 1 is an exemplary embodiment of the present invention for thepurpose of passcode entry. The example depicts a device 100 having thecapabilities to manifest an arrangement of virtual keys 110, in thiscase via a graphical interface 105. For purposes of this invention, adevice may be any computer, system, or attached peripheral capable ofdynamically altering its interface and presenting to users of the systemdifferent interface configurations through which the users may provide apasscode. Examples of such a device include, but are not limited to:handheld devices used during data collection, cellular phones and smartdevices, ATM machines, personal computers, credit/debit systems used atgas pumps and checkout lines, physical security access terminals, etc.Each of the virtual keys 110 in this embodiment is associated with sixproperty sets; however any plurality of property sets may be employed.The property sets used in the example shown in FIG. 1 are: shape 115,number 120, Latin characters A through H 125, Latin characters I throughQ 130, Latin characters R through Z 135, and color 140 (represented as apattern). Property sets can include groups of any properties allowingone virtual key 110 to be distinguishable from another within thecapabilities of the device 100. As is readily apparent by FIG. 1, eachproperty set includes a plurality of distinguishable properties,generally less than or equal to the number of virtual keys 110 utilizedby the interface. Each property is defined as a combination of aninterface 105 representation, which is manifested via the device 100,and an interpretation value, which is used in identification of theproperty by the system.

It is possible for a property to be associated with more than onevirtual key. For example, the virtual keys associated with the numberproperties “1” and “9” in FIG. 1 share an association to the Latincharacter property “A”. Also, the virtual key associated with the numberproperty “0” shares an association to the Latin character properties“E”, “O”, and “T” with a number of other virtual keys. In thisparticular embodiment, these four properties are repeated because theyare the most commonly used letters in the English language. To preventconfusion by users of the system, any shared property interfacerepresentation also share the same interpretation value.

It is also possible for a property set to contain fewer properties thanthe number of virtual keys utilized by the interface configuration, asis demonstrated in the embodiment depicted in FIG. 31. Notice that theupper right corner of the virtual key associated with the numberproperty “9” does not show a property where the property set of Latincharacters A through H 3125 would otherwise be located. Also, thevirtual key associated with the number property “0” is not associatedwith any of the three Latin character property sets. Upon shuffling theassociated properties among the virtual keys, these empty propertyvalues are treated in an identical manner as they are contained aninterface representation. However, when a virtual key is chosen duringpasscode entry, any missing properties are omitted from the recordedselection.

When passcode entry is used, the properties associated with the virtualkeys are shuffled in a generally random process depicted in FIG. 8. Thisprocess begins with the arrangement depicted in FIG. 1 and can result inthe arrangement depicted in FIG. 7. The system associates 805 a memberfrom each property set with each virtual key in a generally randommanner, for which an example is depicted in FIG. 32, resulting in thearrangement depicted in FIG. 1. Then, an optimally secure number ofproperty sets to group together is calculated 810, for which an exampleis depicted in FIG. 35, based on the number of property sets utilized.In the case of this example having six property sets, the calculatednumber is three. Then, a number of property sets equal to thepreviously-calculated value are selected 815 in a generally randommanner for which an example is depicted in FIG. 33. The property setsnumber 120 and 720, Latin characters R through Z 135 and 735, and color140 and 740 are selected in the present example. Then, the propertieswithin the selected property sets are re-associated collectively 820 asa group across the plurality of virtual keys in a generally randommanner for which an example is depicted in FIG. 34. Finally, the devicemanifests 825 the updated interface shown in FIG. 7.

The arrangement depicted in FIG. 9 depicts the results of this processhaving been executed once again using the arrangement depicted in FIG. 7as the starting point. In the case of the arrangement depicted in FIG.9, the randomly selected property sets are shape 715 and 915, number 720and 920, and Latin characters A through H 725 and 925.

A passcode entry process is also described in FIG. 8. At any pointduring passcode entry, a user can choose to cancel 830 the process,thereby clearing any previously selected properties and beginning theprocess anew. Upon the selection 835 of one of the virtual keys by auser, it is not obvious to an observer which of the properties is beingchosen, as it may be any one of the plurality of properties associatedwith the selected virtual key. At this time, the system records orstores 840 all of the interpretation values of the properties associatedwith the selected virtual key for the present position in the passcode.This process is repeated until passcode entry is complete 845, at whichtime the system performs a comparison 850 between a valid passcode whichwas previously created and the passcode provided by the user. Thiscomparison determines 855 if the validation is a successful match. Ifthe entered passcode does not match the valid passcode, access to thesystem is denied 860. If the comparison is equal, any access which thesystem is designed to grant is provided to the user 865.

Another exemplary embodiment of the invention allows one of the propertysets to be made static, in which case the property set is excluded fromthe random selection of property sets to re-associate. FIG. 10 shows anexample of such an embodiment following the shuffling process beginningwith the arrangement depicted in FIG. 1. The chosen properties toshuffle are shape 115 and 1015, Latin characters I through Q 130 and1030, and color 140 and 1040.

FIG. 11 depicts the results of this shuffling process having beenexecuted once again using the arrangement depicted in FIG. 10 as thestarting point. In the case of FIG. 11, the randomly selected propertysets are Latin characters A through H 1025 and 1125, Latin characters Ithrough Q 1030 and 1130, and Latin characters R through Z 1035 and 1135.

FIG. 2 depicts an exemplary embodiment of the passcode creation process,in which each key is associated with a single property. In thisembodiment the keys 200 can be virtual, being manifested by a device, orthe keys may be physical components of a device whose purpose is to beused for passcode creation. The specific example shown in FIG. 2utilizes a row of keys for each property set; the top row being theshape 215 property set; the second row being the number 220 propertyset; the property set of Latin characters A through H 225 in the thirdrow; the property set of Latin characters I through Q 230 in the fourthrow; row five being the property set of Latin characters R through Z235; and the property set of colors 240 (represented as patterns) in thelast row.

The process by which this embodiment creates the passcode is outlined inFIG. 3. The system either manifests the interface 310 or the interfaceis built as a physical component of a device to be used for passcodecreation. At any point during passcode creation, a user may choose tocancel the process 320, thereby clearing any previously selectedproperties and beginning the process anew. Upon the selection of one ofthe keys 330 the system records the interpretation value of the propertyassociated with the selected key 340 for the present position in thepasscode. This process is repeated until passcode creation is complete350, at which time the system saves the interpretation values as a validpasscode for future use during passcode entry 360.

Another exemplary embodiment of passcode creation is shown in FIG. 4. Inthis embodiment, each virtual key is associated with a plurality ofproperties. Upon selection of one of the virtual keys 410, a virtual key450 associated with each of the properties associated with the selectedkey is manifested 455-480. The property associated with a manifested keyis added to the present position in the passcode being created when themanifested virtual key is selected.

The process by which the passcode is created for this embodiment isdescribed in FIG. 5. The system either manifests the interface 510 orthe interface is built as a physical component of a device to be usedfor passcode creation. At any point during passcode creation, a user canchoose to cancel the process 520, thereby clearing any previouslyselected properties and beginning the process anew. Upon the selectionof one of the keys 530 the system manifests a virtual key for each ofthe properties associated with the selected key 540. When one of thenewly manifested virtual keys is selected 550, the system records 560the interpretation value of the property associated with the selectedkey for the present position in the passcode. This process is repeateduntil passcode creation is complete 570, at which time the system savesthe interpretation values as a valid passcode for future use duringpasscode entry 580.

FIG. 6 demonstrates an example of a process by which the exemplaryembodiments depicted in FIG. 3 and FIG. 5 can be combined into a singleprocess. The system either manifests the interface 605 or the interfaceis built as a physical component of a device to be used for passcodecreation. At any point during passcode creation, a user can choose tocancel the process 610, thereby clearing any previously selectedproperties and beginning the process anew. Upon the selection of one ofthe keys 615 the system checks the number of properties associated withthe selected virtual key 620. If the virtual key is associated withmultiple properties, the system manifests a virtual key for each of theproperties associated with the selected key 625; then, when one of thenewly manifested virtual keys is selected 630, the system records theinterpretation value of the property associated with the selected key635 for the present position in the passcode. If the originally selectedvirtual key is associated with a single property, the system records 640the interpretation value of the property associated with the selectedkey for the present position in the passcode. This process is repeateduntil passcode creation is complete 645, at which time the system savesthe interpretation values as a valid passcode for future use duringpasscode entry 650.

Another exemplary embodiment of passcode creation provides a securemeans of setting the passcode which would make it extremely difficultfor an observer to determine the new passcode, even if the observer isallowed an optimal view while the passcode is being entered. FIGS. 36a-43 provide a property dispersion algorithm which will shuffle theproperties associated with the virtual keys in a generally random mannersuch that the resulting configuration of associated properties on anyvirtual key will include at most a single property that was associatedwith a virtual key immediately prior to the execution of the algorithm.An example of the configuration shown in FIG. 48 is one possible resultafter the execution of the algorithm having been executed from theinitial configuration shown in FIG. 47. The comparison of any virtualkey in FIG. 47 with any virtual key in FIG. 48 will show that thecompared virtual keys share at most a single property, including theposition of the key within the interface. When a user of the systemchooses to create a new passcode, a process similar to that depicted inFIG. 49 will be executed. In this embodiment, each virtual key isassociated with a plurality of properties 4905. At any point duringpasscode creation, a user can choose to cancel the process 4910, therebyclearing any previously selected properties and beginning the processanew. Upon the selection of one of the keys 4915 the system records theinterpretation value of all properties associated with the selected key4920 for the present position in the passcode. This process is repeateduntil passcode entry is complete 4925, at which time the system executesthe property dispersion algorithm 4935 shown in FIGS. 36 a-43, afterwhich the resulting configuration is displayed and the user is promptedto confirm the previously entered passcode. After the passcode entryprocess is repeated for confirmation 4390, a comparison between theproperties associated with each initially selected key and the keyselected during confirmation is made for each position of the enteredpasscode 4940. The property dispersion algorithm ensures that there canbe no more than one property in common between the keys for eachcomparison. If the user correctly selected the keys having a commonproperty for each position of the passcode during confirmation 4945, thesystem saves the interpretation values as a valid passcode for futureuse during passcode entry 4950. Otherwise, if the user did not selectkeys during confirmation having the same properties in the same sequenceas during the initial passcode entry, the passcode creation process iscanceled and the user must start the process again from the beginning.This embodiment is dependent upon the condition that the number ofproperties associated with each key is equal to or less than the totalnumber of keys used by the interface implemented by the embodiment.

An example of a property dispersion algorithm is depicted in FIGS. 36a-36 b. A list comprising all of the virtual keys is stored in systemmemory as variable Keys 3602, then variable PP is calculated asCeiling(log₁₀(number of Keys in the list variable Keys+1)) 3604 andvariable CP is calculated as Ceiling(log₁₀((number of Keys in the listvariable Keys+1)/2) 3606. Property static values are then initialized3608 following the Initialize Property Static Values process shown inFIG. 37 and the value one is assigned to variable K 3610. Variable NSPis set to a list of property sets 3612 using the Get Key Non-StaticProperties process depicted in FIG. 38, and then the list of selectedkeys created following the Get Selected Keys process shown in FIG. 39 isassigned to variable Selected 3614. Next, variable Loop is given aBoolean value of FALSE 3616, as well as variable Skip 3618, and thevalue one is assigned to variable S 3620. If variable K is greater thanone and Skip is equal to FALSE 3622, then property static values areupdated 3624 using the Update Property Static Values process shown inFIG. 41, property set variable list NSP is sorted in ascending orderbased on the Static value of each property and the property set to whicheach property belongs of the key in the position equal to variable K inthe Keys variable list 3626, and if zero is the number of keys in thevariable list Selected 3628, the list created using the Get SelectedKeys process depicted in FIG. 39 is assigned to the variable listSelected 3630. The list variables Shuffle and Alternate are then set3632 to the list created following the Get Keys process shown in FIG. 42and the Boolean value FALSE is assigned to variable SetSkip 3634.

This process continues in FIG. 36 b where, if the number of keys in thevariable list Shuffle is not equal to zero 3636, then variable R is setto a key which is randomly selected from the variable list Shuffle 3638,properties of keys stored in variable R and K are swapped 3640 asdepicted in the Swap Keys process in FIG. 43, and the key assigned tovariable R is removed from the variable list Selected 3642; otherwise,if the number of keys in the variable list Shuffle is equal to zero3636, then, if variable Loop is not equal to TRUE 3644, and the numberof property sets in list variable NSP is not equal to variable S orvariable K is not less than the number of keys in list variable Keysminus one 3650, then variable SetSkip is set to the Boolean value TRUE3654. If the variable SetSkip is equal to FALSE and variable Skip isequal to TRUE 3656, execution returns to the ninth step in the processin which the variable Skip is set to FALSE 3618 and continues fromthere. If, however, the value of variable Loop is TRUE 3644, thenvariable R is set to a key which is randomly selected from the variablelist Alternate 3646 and properties of keys stored in variable R and Kare swapped 3648 as depicted in the Swap Keys process in FIG. 43, or, ifvariable Loop is not equal to TRUE 3644, but variable S is equal to thenumber of property sets in list variable NSP and variable K is less thanthe number of keys in list variable Keys minus one 3650, then variableLoop is set to the Boolean value TRUE 3652. At this point execution alsoreturns to the ninth step in the process in which the variable Skip isset to FALSE 3618 and continues from there. If the variable SetSkip isnot equal to FALSE or the variable Skip is not equal to TRUE 3656 thevariable Skip is set to the value of variable SetSkip 3658 and thevariable S is incremented by one 3660. If the number of property sets inthe list variable NSP is greater than zero 3662, then execution returnsto the eleventh step 3622 in the process, in which the variable K iscompared to the value of one and the variable Skip is compared to theBoolean value of FALSE and continues from there; otherwise, if thenumber of property sets in the list variable NSP is not greater thanzero 3662, the variable K is incremented by one 3664. Then, if thevariable K is not equal to the number of keys in the list variable Keys3666, the key assigned to variable K is removed from the list variableSelected 3668 and execution returns to the sixth step in the process inwhich the variable NSP is set to a list of property sets 3612 using theGet Key Non-Static Properties process depicted in FIG. 38 and continuesfrom there; otherwise, the process is complete and ends.

The process to Initialize Property Static Values, which is referenced bythe Property Dispersion process diagram shown in FIGS. 36 a-36 b, isdepicted in FIG. 37. Variable Odd is assigned a Boolean value of TRUE ifthe number of keys in list variable Keys is odd, and FALSE if the numberof keys in the list variable Keys is even 3705. The list variableSelected is then assigned values equivalent to the list variable Keys3710 and the variable P is set to the value of one 3715 as well asvariable K 3720, after which the value of one is assigned to the Staticvalue of the property at the position equal to variable P in the list ofproperties belonging to the key at the position equal to variable K inthe list variable Keys 3725, and the variable K is incremented by one3730. If the variable K is not greater than the number of keys in thelist variable Keys 3735, then execution returns to the fifth step in theprocess in which the value of one is assigned to the Static value of theproperty at the position equal to variable P in the list of propertiesbelonging to the key at the position equal to variable K in the listvariable Keys 3725 and continues from there; otherwise, if the variableK is greater than the number of keys in the list variable Keys 3735,then, if the variable Odd is TRUE 3740, variable R is set to a key whichis randomly selected from the variable list Selected 3745, the value ofzero is assigned to the Static value of the property at the positionequal to variable P in the list of properties belonging to the key equalto variable R 3750, and the key is removed from the list variableSelected that is equal to the key at the position equal to variable K inthe list variable Keys 3755. The variable P is then incremented by one3760. If the variable P is not greater than the number of property setsused by the keys within the interface 3765, then execution returns tothe fourth step in the process in which the variable K is assigned avalue of one 3720 and continues from there; otherwise, if the variable Pis greater than the number of property sets used by the keys within theinterface 3765, the process is completed and returns to the referencingprocess.

The process to Get Key Non-Static Properties, which is referenced by theProperty Dispersion process diagram shown in FIGS. 36 a-36 b, isdepicted in FIG. 38. A value of one is assigned to the variable P 3810and the variable list NSP is set to an empty list 3820. If the Staticvalue of the property at the position equal to variable P in the list ofproperties belonging to the key at the position equal to variable K inthe list variable Keys is not less than one 3830, then the property set,to which the property at the position equal to variable P in the list ofproperties belonging to the key at the position equal to variable K inthe list variable Keys belongs, is added to the variable list NSP 3840.The variable P is then incremented by one 3850. If the variable P is notgreater than the number of property sets used by the keys within theinterface 3860, then execution returns to the third step in the processin which the Static value of the property at the position equal tovariable P in the list of properties belonging to the key at theposition equal to variable K in the list variable Keys is compared tothe value of one 3830 and continues from there; otherwise, if thevariable P is greater than the number of property sets used by the keyswithin the interface 3860, the process is completed and returns to thereferencing process.

The process to Get Selected Keys, which is referenced by the PropertyDispersion process diagram shown in FIGS. 36 a-36 b, is depicted in FIG.39. The value of variable K+1 is assigned to variable X 3910 and thevariable Max is set to a value 3920 which is calculated through the GetMaximum Key Non-Static Properties process as shown in FIG. 42. Then, thevariable list Selected is set to an empty list 3930 and a value equal tothe number of properties associated with the key at the position equalto variable X in the list variable Keys having a static value which isgreater than or equal to one is assigned to variable N 3940. If thevariable N is equal to the variable Max 3950, then the key at theposition equal to variable X in the list variable Keys is added to thelist variable Selected 3960. The variable X is then incremented by one3970. If the variable X is not greater than the number of keys in thelist variable Keys 3980, then execution returns to the fourth step inthe process in which a value equal to the number of propertiesassociated with the key at the position equal to variable X in the listvariable Keys having a static value which is greater than or equal toone is assigned to variable N 3940 and continues from there; otherwise,if the variable X is greater than the number of keys in the listvariable Keys 3980, the process is completed and returns to thereferencing process.

The process to Get Maximum Key Non-Static Properties, which isreferenced by the Get Selected Keys process diagram shown in FIG. 39, isdepicted in FIG. 40. The variable Y is set to equal the value ofvariable X 4010 and a value of zero is assigned to the variable Max4020, then a value equal to the number of properties associated with thekey at the position equal to variable Y in the list variable Keys havinga static value which is greater than or equal to one is assigned tovariable N 4030. If the variable N is greater than the variable Max4040, then the variable Max is set to the value of variable N 4050. Thevariable Y is then incremented by one 4060. If the variable Y is notgreater than the number of keys in the list variable Keys, and thevariable N is not equal to the number of property sets used by the keyswithin the interface 4070, then execution returns to the third step inthe process in which a value equal to the number of propertiesassociated with the key at the position equal to variable Y in the listvariable Keys having a static value which is greater than or equal toone is assigned to variable N 4030 and continues from there; otherwise,if the variable Y is greater than the number of keys in the listvariable Keys, or the variable N is equal to the number of property setsused by the keys within the interface 4070, the process is completed andreturns to the referencing process.

The process to Update Property Static Values, which is referenced by theProperty Dispersion process diagram shown in FIGS. 36 a-36 b, isdepicted in FIG. 41. A value of one is assigned to the variables P 4104and X 4112, a Boolean value of TRUE is assigned to variables Count 4108and Preferred 4116, and a value of one is assigned to variable Y 4120.If variable Count is equal to zero 4124, then a value equal to thenumber of properties associated with the key at the position equal tovariable Y in the list variable Keys having a static value which isgreater than or equal to one is assigned to variable N 4128, if theStatic value of the property at the position equal to variable P in thelist of properties belonging to the key at the position equal tovariable Y in the list variable Keys is not less than one 4132, then ifthe variable N is equal to the variable Max 4136, then the variablePreferred is incremented by one 4140; irregardless of whether the valueof N is equal to the variable Max, the variable Count is incremented byone 4144, and regardless of whether or not the Static value of theproperty at the position equal to variable P in the list of propertiesbelonging to the key at the position equal to variable Y in the listvariable Keys is less than one 4132, the variable Y is incremented byone 4148, and if the value of variable Y is not greater than the numberof keys in the list variable Keys 4152, then execution returns to theseventh step in the process in which a value equal to the number ofproperties associated with the key at the position equal to variable Yin the list variable Keys having a static value which is greater than orequal to one is assigned to variable N 4128, and continues from there;otherwise if the value of Count is not equal to zero 4124, then thevariable Adjust is assigned a value equal to(Count/2+Preferred*10^(CP))/10^((CP+PP)) 4156, the Static value of theproperty at the position equal to variable P in the list of propertiesbelonging to the key at the position equal to variable Y in the listvariable Keys is assigned a value equal to Floor(the Static value of theproperty at the position equal to variable P in the list of propertiesbelonging to the key at the position equal to variable Y in the listvariable Keys)+Adjust 4160, the variable Y is incremented by one 4164,if the value of variable Y is not greater than the number of keys in thelist variable Keys 4168, then execution returns to the eighth step inthe process where the Static value of the property at the position equalto variable P in the list of properties belonging to the key at theposition equal to variable Y in the list variable Keys is assigned avalue equal to Floor(the Static value of the property at the positionequal to variable P in the list of properties belonging to the key atthe position equal to variable Y in the list variable Keys)+Adjust 4160and continues from there; otherwise if the value of variable Y isgreater than the number of keys in the list variable Keys 4168, then avalue of zero is assigned to the variable Count 4172. In either case,whether or not the initial value of the variable Count is equal to zero4124, if the value of variable Y is greater than the number of keys inthe list variable Keys 4152, 4168, then if, at that point in theprocess, the value of variable Count is not equal to zero 4176, thenexecution returns to the fifth step in the process in which the variableY is assigned a value of one 4120 and continues from there; otherwise ifthe value of variable count is equal to zero 4176, the value of variableP is incremented by one 4180, and if the variable N is not greater thanthe number of property sets used by the keys within the interface 4084,the variable Preferred is assigned value of zero 4188, and executionalso returns to the fifth step in the process in which the variable Y isassigned a value of one 4120 and continues from there; otherwise if thevariable N is greater than the number of property sets used by the keyswithin the interface 4084, the process is completed and returns to thereferencing process.

The process to Get Keys, which is referenced by the Property Dispersionprocess diagram shown in FIGS. 36 a-36 b, is depicted in FIG. 42. Avalue equal to the value variable K+1 is assigned to variable X 4205,the list variables Shuffle and Alternate are assigned empty list values4210, 4215, and the variable A is assigned the property belonging to theproperty set assigned to variable S within the list variable NSP whichis associated with the key at the position equal to variable X in thelist variable Keys 4220. If the Static value of the property assigned tothe variable A is not greater than one 4225, then if the key at theposition equal to variable X in the list variable Keys exists within thelist variable Selected 4230, the key at the position equal to variable Xin the list variable Keys is added to the list variable Shuffle 4235;otherwise, if the key at the position equal to variable X in the listvariable Keys does not exist within the list variable Selected 4230, thekey at the position equal to variable X in the list variable Keys isadded to the list variable Alternate 4240, and regardless of whether ornot the Static value of the property assigned to the variable A isgreater than one 4225, the variable X is incremented by one 4245. If thevalue of variable X is not greater than the number of keys in the listvariable Keys 4250, execution returns to the fourth step in the processin which the variable A is assigned the property belonging to theproperty set assigned to variable S within the list variable NSP whichis associated with the key at the position equal to variable X in thelist variable Keys 4120 and continues from there; otherwise if the valueof variable X is greater than the number of keys in the list variableKeys 4250, the process is completed and returns to the referencingprocess.

The process to Swap Key Properties, which is referenced by the PropertyDispersion process diagram shown in FIGS. 36 a-36 b, is depicted in FIG.43. The property belonging to the property set assigned to variable Swithin the list variable NSP which is associated with the key at theposition equal to variable K in the list variable Keys is assigned tovariable P1 4310, and the property belonging to the property setassigned to variable S within the list variable NSP which is associatedwith the key at the position equal to variable R in the list variableKeys is assigned to variable P2 4320. Next, the property assigned tovariable P1 is associated to the key at the position equal to variable Rin the list variable Keys 4330, and the property assigned to variable P2is associated to the key at the position equal to variable K in the listvariable Keys 4340. Then, the Static values of the properties assignedto the variables P1 and P2 are assigned a value of negative one 4350,4360. Finally, the property set assigned to variable S is removed fromthe list property NSP 4370. The process is completed and returns to thereferencing process.

Several methods are possible for passcode validation. The system caniterate through each of the properties associated with each of theselected virtual keys in sequence, comparing the interpretation value ofeach property at each position in the entered passcode with theinterpretation value of the property at the same position in the storedpasscode. A match for all positions will indicate a valid passcode.

Password encryption can be implemented by identifying all possiblepasscode combinations based on the properties of each virtual keyselected for each position in the entered passcode. Each of thesecombinations could then be encrypted and compared to the encrypted valueof the stored passcode, which was previously encrypted at the time itwas created. A successful match for any of the combinations indicates avalid passcode.

The passcode validation process can be augmented by adding the use of aproperty pattern. FIG. 3 a describes a passcode creation processembodiment which captures the property pattern in addition to thepasscode. The system either manifests the interface 310 a or theinterface is built as a physical component of a device to be used forpasscode creation. At any point during passcode creation, a user canchoose to cancel the process 320 a, thereby clearing any previouslyselected properties and beginning the process anew. Upon the selectionof one of the keys 330 a the system records the interpretation value ofthe property 340 a as well as the property set identifier 350 aassociated with the selected key for the present position in thepasscode. This process is repeated until passcode creation is complete360 a, at which time the system saves the interpretation values as avalid passcode for future use during passcode entry 370 a. The systemalso stores the property set identifier from which each property ischosen during passcode creation as the property pattern 380 a.

For example, referencing FIG. 2, a row of keys is utilized for eachproperty set; the top row being the shape 215 property set; the secondrow being the number 220 property set; the property set of Latincharacters A through H 225 in the third row; the property set of Latincharacters I through Q 230 in the fourth row; row five being theproperty set of Latin characters R through Z 235; and the property setof colors 240 (represented as patterns) in the last row. During passcodecreation, if a number is chosen from the second row, an identifierrepresenting the number property set is stored in the property patternfor the current position in the passcode. This is performed for eachproperty selected, and once passcode creation is complete, each positionof the passcode will be identified by a property set identifier.

FIG. 5 a depicts a passcode creation process embodiment which capturesthe property pattern in addition to the passcode during passcodecreation using virtual keys with multiple property associations. Thesystem either manifests the interface 505 a or the interface is built asa physical component of a device to be used for passcode creation. Atany point during passcode creation, a user can choose to cancel theprocess 510 a, thereby clearing any previously selected properties andbeginning the process anew. Upon the selection of one of the keys 515 athe system manifests a virtual key for each of the properties associatedwith the selected key 520 a. When one of the newly manifested virtualkeys is selected 525 a the system records the interpretation value 530 aas well as the property set identifier 535 a associated with theselected key for the present position in the passcode. This process isrepeated until passcode creation is complete 540 a, at which time thesystem saves the interpretation values as a valid passcode for futureuse during passcode entry 545 a. The system also stores the property setidentifier from which each property is chosen during passcode creationas the property pattern 550 a.

In the above example using FIG. 4 as a passcode creation interface, eachof the virtual keys manifested along the right 450, upon the selectionof one of the initial virtual keys 410, represents the property fromeach of the property sets used during passcode creation. When one of theproperty specific virtual keys 450 is selected, the property setidentifier for the property set to which the property belongs is storedin the property pattern for the current position in the passcode. Thisis performed for each property selected. Once passcode creation iscomplete, each position of the passcode can be identified by a propertyset identifier.

The process shown in FIG. 6 a describes a scenario in which theprocesses described in FIG. 3 a and FIG. 5 a can be combined toaccommodate passcode creation regardless of the number of propertiesassociated with each virtual key. The system either manifests theinterface 605 a or the interface is built as a physical component of adevice to be used for passcode creation. At any point during passcodecreation, a user can choose to cancel the process 610 a, therebyclearing any previously selected properties and beginning the processanew. Upon the selection of one of the keys 615 a the system checks thenumber of properties associated with the selected virtual key 620 a. Ifthe virtual key is associated with multiple properties, the systemmanifests a virtual key for each of the properties associated with theselected key 625 a; then when one of the newly manifested virtual keysis selected 630 a the system records the interpretation value of theproperty associated with the selected key 635 a for the present positionin the passcode. If the originally selected virtual key is associatedwith a single property, the system records the interpretation value 640a. After the interpretation value is recorded, the property setidentifier 645 a associated with the selected key is also recorded forthe present position in the passcode. This process is repeated untilpasscode creation is complete 650 a, at which time the system saves theinterpretation values as a valid passcode for future use during passcodeentry 655 a. The system also stores the property set identifier fromwhich each property is chosen during passcode creation as the propertypattern 660 a.

FIG. 8 a is an example of a process by which passcode entry couldutilize a property pattern. The system associates a member from eachproperty set with each virtual key in a generally random manner 805 afor which an example is depicted in FIG. 32. Next, an optimally securenumber of property sets to group together is calculated based on thenumber of property sets utilized 810 a for which an example is depictedin FIG. 35. Then, a number of property sets equal to the previouslycalculated value are selected in a generally random manner 815 a forwhich an example is depicted in FIG. 33. The properties within theselected property sets are then re-associated collectively as a groupacross the plurality of virtual keys in a generally random manner 820 afor which an example is depicted in FIG. 34. The updated interface isthen manifested by the device 825 a and is ready for passcode entry.

At any point during passcode entry, a user can choose to cancel theprocess 830 a, thereby clearing any previously selected properties andbeginning the process anew. Upon the selection of one of the virtualkeys by a user 835 a, it is not obvious to an observer which of theproperties is being chosen, as it may be any one of the plurality ofproperties associated with the selected virtual key. At this time, thesystem records the interpretation value of the property associated withthe selected virtual key matching the property set of the storedproperty pattern 840 a for the present position in the passcode. Thisprocess is repeated until passcode entry is complete 845 a, at whichtime the system performs a comparison between a valid passcode which waspreviously created and the passcode provided by the user 850 a. If theentered passcode does not match the valid passcode 855 a, access to thesystem is denied 860 a. If the comparison is equal 855 a, any accesswhich the system is designed to grant is provided to the user 865 a.

An embodiment in which the system providing the passcode entry interfaceis separate from the system managing and validating passcodes can use aprocess similar to that shown in FIG. 8 b. The system starts byassociating a member from each property set with each virtual key in agenerally random manner 805 b for which an example is depicted in FIG.32. Next, an optimally secure number of property sets to group togetheris calculated based on the number of property sets utilized 810 b forwhich an example is depicted in FIG. 35. Then, a number of property setsequal to the previously calculated value are selected in a generallyrandom manner 815 b for which an example is depicted in FIG. 33. Theproperties within the selected property sets are then re-associatedcollectively as a group across the plurality of virtual keys in agenerally random manner 820 b for which an example is depicted in FIG.34. The updated interface is then manifested by the device 825 b and isready for passcode entry.

At any point during passcode entry, a user can choose to cancel theprocess 830 b, thereby clearing any previously selected properties andbeginning the process anew. Upon the selection of one of the virtualkeys by a user 835 b, it is not obvious to an observer which of theproperties is being chosen, as it may be any one of the plurality ofproperties associated with the selected virtual key. At this time, thesystem records all of the properties associated with the selectedvirtual key 840 b for the present position in the passcode. This processis repeated until passcode entry is complete 845 b, at which time thepasscode entry system contacts the passcode validation system and sharesthe entered passcode information. The passcode validation system thencompares the property set identifier for each property selected at eachposition in the passcode to the property set identifier stored in thepasscode pattern for the matching position, eliminating all failedmatches. This elimination leaves a single value for each position, whichis then compared to the valid passcode which was previously created 850b. If the entered passcode does not match the valid passcode 855 b,access to the system is denied 860 b. If the comparison is equal 855 b,any access which the system is designed to grant is provided to the user865 b.

Stored passcode encryption can benefit greatly from the use of propertypatterns. In such cases, the interpretation values of the selectedproperties to use in validation can be determined by eliminating theproperties for each position in the passcode which do not belong to theproperty set specified in the property pattern stored for the sameposition, leaving only a single interpretation value for each position.The resulting values would then be encrypted and compared to thepreviously encrypted stored passcode for validation.

Embodiments may exist in which a single passcode is used to provideaccess to information and/or functionality within a system or to controlphysical access to an area of a facility. Alternative embodiments may beimplemented in which passcodes are specific to individuals or groups ofindividuals, requiring users to first identify themselves to the systembefore or during passcode entry. Further embodiments may be created inwhich individuals, groups, and/or points of access may utilize differentproperty sets or interfaces through which passcodes are entered.

FIG. 12 depicts an embodiment in which six virtual keys are utilizedwith three property sets on a device 1200 having a graphical touchsensitive display 1210. The property sets in this example are: Latincharacters used in the English language as vowels 1220, color 1240 (orpattern), and shape 1230. In this embodiment, the interfacerepresentation of the shape property is manifested as the shape of thevirtual key itself. An example of the resulting interface after havingbeen shuffled (shape 1330 property) is shown in FIG. 13.

Another embodiment is shown in FIG. 14. As in the previous example, adevice 1400 with a graphical touch sensitive display 1410 may beemployed. This embodiment shows that not all virtual keys 1420, 1430need to have the same orientation, and that both upper case 1450 andlower case 1470 alpha characters may be utilized. In addition to these,a numeric property set 1460 and a color 1440 (or pattern) property setare used. An example of the resulting interface 1510 after having beenshuffled (lower case alpha characters 1570 and color 1540 (or pattern)properties) is shown in FIG. 15.

An additional example of an embodiment having no alphanumeric propertiesis given in FIG. 16. Such an embodiment can be useful in globalimplementations since there are no properties which tie it specificallyto any language or region. The property sets are: shape 1640, shapecolor 1650 (or shape pattern), and key color 1630 (or key pattern). Eventhough many of the shapes 1640 are similar, they are all orienteddifferently, thereby making them distinguishable. The use of the sametype of property (color) 1650 is given as an example in this embodimentto demonstrate the diversity of the use of property sets. An example ofthe resulting interface after having been shuffled (shape 1740 and shapecolor 1750 (or shape pattern) properties) is shown in FIG. 17.

According to an alternative embodiment of the invention, alphanumericproperties are not restricted to being a single character. FIG. 18 showsan exemplary embodiment of an interface 1810 having sixteen virtual keys1820 and three property sets. The property sets are: number 1830, alphaset one 1840, and alpha set two 1850. The number property set utilizesinterface representations having both one and two digits, as an exampleshowing that combinations of traditional passcode values may be unifiedinto single properties through the use of the present invention. One ofordinary skill in the art can appreciate that such use of properties isnot limited to numbers, but may be applied as well to other types ofvalues, such as alpha characters. In addition to Latin characters, thetwo alpha property sets also employ commonly used special characters inthis embodiment. An example of the resulting interface after having beenshuffled (number 1930 property) is shown in FIG. 19.

FIG. 20 is an example of an embodiment which demonstrates the use ofproperty sets through a more abstract association than previousembodiments. This embodiment utilizes eight virtual keys 2020 and thefollowing property sets: cardinal direction 2040, key color 2030 (orpattern), and direction color 2050 (or pattern). The key color 2030 (orpattern) property set is associated directly with each virtual key 2020as a component of the manifestation of the virtual key itself. Thedirection color 2050 (or pattern), however is more loosely associatedwith the virtual keys 2020 than key color 2030 (or pattern). Theinterface representation of the direction color 2050 (or pattern)property is manifested as a component of the compass rose at the centerof the interface, imparting a color (or pattern) to each point on thedesign. The direction color 2050 (or pattern) of each point of thecompass rose is associated with the virtual key to which it points. Thisembodiment also shows that the interface representation of propertiesmust not necessarily be uniform. In this case, each of the cardinaldirection properties is represented through the use of a differenttypeface. One of ordinary skill in the art can appreciate that thetypeface may be used as an additional property set; however, its use inthe present embodiment is preferably ornamental. An example of theresulting interface 2310 after having been shuffled (cardinal direction2140 and direction color 2150 (or pattern) properties) is shown in FIG.21.

An additional embodiment employing a device 2200 having a graphicaldisplay 2210 and physical keys 2220 is demonstrated in FIG. 22. Eachphysical key 2220 is associated with three properties: shape 2230, alpha2240, and number 2250. The properties associated with each key are thosemanifested in line with the key and to the left of the key. As with allpreviously described embodiments, the selection of a key indicates theselection of one of the properties with which it is associated withoutdisclosing the actual property selected. This embodiment demonstratesthe use of the present invention on devices and systems not having touchsensitive displays. An example of the resulting interface after havingbeen shuffled (alpha 2340 and number 2350 properties) is shown in FIG.23.

An exemplary embodiment of the present invention employing a device 2400having a graphical display 2405 and physical keys 2445 is demonstratedin FIG. 24. This embodiment shows an interface implementation whichfunctions with ATM and debit systems not utilizing a touch sensitivedisplay. The virtual keys 2410 which are manifested on the graphicaldisplay 2405 are associated with the physical keys 2445 through commonrelative positioning. For example: The virtual key having the interfacerepresentation of the number property “3” is associated with thephysical key “1”, the virtual key having the interface representation ofthe number property “4” is associated with the physical key “6”, etc. Itis apparent to those of ordinary skill in the art that this type ofpositional association allows the use of the present invention with anyphysical key configuration.

Another embodiment of the present invention utilizes a device 2500 inwhich each of a plurality of physical keys 2520, existing on a keyboardor keypad 2510, is capable of displaying an image directly on each key,as shown in FIG. 25. This example embodiment example employs threeproperty sets: number 2530, image 2540, and color 2550 (or pattern). Aswith all previous embodiments, the selection of a key indicates the useof one of the associated properties in the present position of thepasscode. The specific desired property, however, is not disclosed. Anexample of the resulting interface after having been shuffled (number2630 and color 2650 (or pattern) properties) is shown in FIG. 26.

Properties are not limited to characters, numbers, colors, or patterns.Any distinguishable property within the capabilities of the device maybe used. Some additional examples may include, but are not limited to,sounds, textures, or more abstract differences such as the location ororientation of a virtual key on the interface, or the relative positionof a virtual key to other components of the interface.

FIG. 27 shows the implementation of an embodiment which utilizes adevice capable of dynamically modifying the topography of a surface area2700, for example a braille display. This embodiment demonstrates thepresent invention implemented with an interface which can be used by thevisually impaired. Each of the ten virtual keys utilized in FIG. 1 arerepresented through the braille display 2700. Each property set ismanifested on a row 2730, and the properties associated with eachvirtual key are manifested in a column 2720. In this particular example,each property is represented by two characters, the first identifyingthe property set, and the second identifying the specific property.Because some braille characters have multiple meanings dependent upontheir usage, the property set identification is necessary. Between eachcolumn is a space 2710 to provide a definite separation from one columnto the next. To select a given property, the braille display may becapable of detecting pressure, in which case the user can depress thespecific property desired. If the display is not pressure sensitive, akeypad providing physical keys may be employed through which the usercan select the number key corresponding to the number property in thecolumn on the braille display which contains the desired property.

A more condensed version of the previous embodiment is shown in FIG. 28.This embodiment is similar to the previous embodiment in that eachproperty set is manifested on a row 2830, and the properties associatedwith each virtual key are manifested in a column 2820. An exampledifference between this embodiment and the previous is that the propertyset identifying braille character is not present in every column 2820.Instead, the property set identifying braille character is listed in aseparate column specifically for the purpose of identifying the propertyset for each row 2830.

A further condensed embodiment of the use of a braille display isdepicted in FIG. 29. In this embodiment, the spaces between columns areremoved with the exception of a space between the property setidentifier column and the columns containing the interfacerepresentations of the columns. This provides definite separationbetween the identifier and the properties. An example of the resultinginterface after having been shuffled (shape, number, and colorproperties) is shown in FIG. 30. It is not a requirement that a propertyset remain in the same row when shuffled 3030. It is actuallypreferable, for security reasons, to shuffle the property setshorizontally across the rows in a generally random manner to preventobservers from being able to determine from which property set aproperty is being selected.

FIG. 32 is an example of a process by which the system initiallyassociates a member from each property set with each virtual key in agenerally random manner. Variables S, Keys, and P are initialized 3205through 3215. Second, a value is randomly generated through the use of arandom number generation function provided by the development languagebeing utilized for system development. This random number is then usedto select one of the keys K 3220. Third, the randomly selected key K isassociated with property P of property set S 3225. Fourth, the randomlyselected key K is removed from the list of all keys K 3230. The variableP is then incremented by one 3235. If the value of variable P is notgreater than the number of properties in set S, the process loops to thestep in which a new key K is randomly selected; otherwise the processcontinues 3240. Next, the variable S is incremented by one 3245. If thevalue of variable S is not greater than the number of property sets, theprocess loops to the step in which the variable Keys is initialized;otherwise the process ends 3250.

Depicted in FIG. 33 is an example of the process through which propertysets are selected to be shuffled in a generally random manner. First,the number of property sets to group is calculated and assigned tovariable G 3310. Second, the variables Sets, and Selected areinitialized 3320 and 3330. Third, a value is randomly generated throughthe use of a random number generation function provided by thedevelopment language being utilized for system development. This randomnumber is then used to select one of the sets S 3340. Fourth, therandomly selected set S is added to the list of selected sets Selected3350. Next, the randomly selected set S is removed from the list of allnon-static property sets Sets 3360. The variable G is then decrementedby one 3370. If the value of variable G is greater or less than zero,the process loops to the step in which a new set S is randomly selected;otherwise the process ends 3380.

FIG. 34 depicts an example of a process by which the system shuffles theproperty associations with the keys in a generally random manner. First,the property sets to shuffle are selected and set to the Selectedvariable 3405. Second, variable K is initialized 3410. Third, a value israndomly generated through the use of a random number generationfunction provided by the development language being utilized for systemdevelopment. This random number is then used to select one of the keys R3415. Fourth, variable S is initialized 3420. Fifth, the variable P isset to the property of set S which is currently associated with key R3425. Sixth, the randomly selected key R is associated with the propertyof set S which is currently associated with key K 3430. Seventh, the keyK is associated with the property P of set S 3435. The variable S isthen incremented by one 3440. If the value of variable S is not greaterthan the number of property sets in the list Selected, the process loopsto the step in which the variable P is set; otherwise the processcontinues 3445. Next, the variable K is incremented by one 3450. If thevalue of variable K is not greater or less than the number of keys, theprocess loops to the step in which a new key R is randomly selected;otherwise the process ends 3455.

An example of the calculation of the property set group size to be usedduring the shuffling of properties associated with keys is shown in FIG.35. In its simplest form, the property set group size is a whole numberequal to half of the number of property sets 3510. Many system factorsmay require alterations to this calculation dependent upon each specificimplementation.

The integration of a passcode system such as is described above withexisting banking systems may present many difficulties which must beaddressed before a passcode-based banking system could be implemented.FIG. 45 and FIG. 46 describe a means by which a passcode system might beimplemented which would integrate with existing banking systemsrequiring minimal effort. These figures provide visual examples based onthe property sets defined in FIG. 44.

An embodiment having the condition that the system interpretation valuesof properties consist of the set identifier of the property set to whichthey belong followed by a single digit decimal value can be convertedinto a traditional PIN during passcode creation to be utilized bycurrent banking systems following the method presented in FIG. 45. Afterthe user creates the desired passcode 4510, the property set identifierof each selected property, also known as the property pattern, isdetermined 4520 by the system. The system then trims the property setidentifier from the left of the system interpretation value of eachproperty 4530. The remaining portion of each system interpretation valueis a single digit, which, in a passcode system utilizing a four propertypasscode, yields four decimal digits that can be utilized as atraditional PIN 4540. The banking system would also store the propertypattern 4550 in association with the user's other account information.

FIG. 46 provides a method by which a passcode can be converted into atraditional PIN during passcode entry and validation for use withcurrent banking systems. As in currently utilized banking systems, theuser presents to the system a means of identification, for example anATM/debit card 4610. Next the user enters a passcode into the providedpasscode interface 4620. Following the retrieval of the property patternstored with their user account information 4630, the system selects theproperties corresponding to the retrieved property pattern 4640. Thesystem then trims the property set identifier from the left of each ofthe entered properties' system interpretation values 4650, resulting ina single decimal digit for each property, a four digit PIN in cases of afour property passcode, which is then utilized in the same manner as atraditional PIN 4660.

As shown in FIG. 50, the above-described system 5000 can include aservice provider computing system 5002, one or more user devices 5020described above, all as described in more detail below. One or more ofthe components of the system 5000 can include one or more processingdevices that can be configured for accessing and reading associatedcomputer-readable media having data and/or computer-executableinstructions stored thereon for implementing the various methods of theinvention.

Example network devices and systems, including one or more of theservice provider computing systems 5002, user devices 5020, can include,or otherwise be associated with, suitable hardware and/or software fortransmitting and receiving data and/or computer-executable instructionsover one or more communications links or networks 5026. Thesenetwork-connected devices and systems 5002, 5020 can also include apredetermined number of processors for processing data and executingcomputer-executable instructions, as well as other internal andperipheral components. Further, these network devices and systems caninclude or be in communication with a predetermined number of suitabledatabase(s) 5009 operable to store data and/or computer-executableinstructions. The database 5009 can include a wide variety of differentdata in various embodiments, for example, user profiles and passwords,password-generation history and a bank of password icon options. Byexecuting computer-executable instructions, each of the network devicescan form a special purpose computer or particular machine. As usedherein, the term “computer-readable medium” describes any suitablenon-transitory memory or memory device.

The service provider computing system 5002 can be associated with aservice provider that provides services to customers or users throughpassword-protected portals. For purposes of this disclosure, the serviceprovider computing system 5002 is generally referred to as a serviceprovider. The service provider 5002 can be any suitable processor-drivendevice that facilitates the generation of a password-entry portal to anappropriate user device. For example, the service provider 5002 can be acomputing device that includes server computers, mainframe computers,networked computers, desktop computers, personal computers, digitalassistants, personal digital assistants, digital tablets, Internetappliances, application specific circuits, microcontrollers,minicomputers, ATM and/or any other processor-based device(s). Theexecution of the computer-implemented instructions by the serviceprovider 5002 can form a special purpose computer or other particularmachine that facilitates the password portal operation to a user.Additionally, in certain embodiments of the invention, the operationsand/or control of the service provider 5002 can be distributed amongstseveral processing components.

In addition to one or more processor(s) 5014, the service provider 5002can include one or more memory devices 5004, one or more input/output(“I/O”) interfaces 5016, and one or more network interfaces 5018. Theone or more memory devices 5004 can be any suitable memory devices forexample, caches, read only memory devices, random access memory devices,magnetic storage devices, etc. The one or more memory devices 5004 canstore data, executable instructions, and/or various program modulesutilized by the service provider, for example, data files 5006, anoperating system (OS) 5010, a database management system (DBMS) 5012,and/or host module 5008. The data files 5006 include a wide variety ofdifferent data in various embodiments, for example, user profiles andpasswords, password-generation history and a bank of password iconoptions.

The operating system (OS) 5010 is a suitable software module thatcontrols the service provider 5002. The OS 5010 can also facilitate theexecution of other software modules by the one or more processors 5014.The OS 5010 can be, but is not limited to, Microsoft Windows®, AppleOSX™, Linux™, Unix™, or a mainframe operating system. The databasemanagement system (“DBMS”) 5012 can facilitate the maintenance ofinformation stored in the memory devices 5002 or one or more suitabledatabases 5009 associated with the service provider 5002. The hostmodule 5008 can facilitate the receipt and/or processing of requestsand/or other information that is received from a user via a suitableuser device 5020. For example, the host module 5008 can include a webserver or other dedicated program that is operable to receive requestsand/or information from client modules, for example web browsers,associated with various user devices.

It is apparent to those of ordinary skill in the art that the depictionsof the described embodiments are only meant to be taken as examplesthrough which the present invention may be implemented, and not to limitthe invention. Any conceivable interface configuration may be employedwithin the capabilities of any device that will successfully implementthe present invention while maintaining its overall spirit and concept.

While the invention has been shown and described in exemplary forms, itwill be apparent to those skilled in the art that many modifications,additions, and deletions can be made therein without departing from thespirit and scope of the invention as defined by the following claims.

What is claimed is:
 1. A method for user passcode authentication,comprising: accessing a user information database comprising predefineduser input option parameters; generating a random arrangement of inputoptions comprising the predefined user input option parameters;manifesting the random arrangement of input options on an interactivedisplay interface; receiving a selection of the interactive displayinterface input options; and comparing the received selection ofinteractive display interface options to the predefined user inputoption parameters.
 2. The method of claim 1 wherein: the input optionparameters comprise a plurality of variable properties.
 3. The method ofclaim 2, wherein the plurality of variable properties comprise at leastone of a group comprising: numbers, characters, symbols, colors,patterns, sounds, textures, topology, location, orientation, or relativeposition with respect to the interface.
 4. The method of claim 2,wherein each property is assigned a property interface representation.5. The method of claim 2, wherein each property is assigned a systeminterpretation value.
 6. The method of claim 2, wherein the propertiesare organized into property sets.
 7. The method of claim 2, wherein eachproperty set is assigned a set identifier.
 8. The method of claim 1,further comprising randomly shuffling the input options after comparingthe received selection of interactive display interface options to thepredefined user input option parameters.
 9. The method of claim 1,wherein at least one of the predefined user input parameters is static.10. A method for user passcode creation comprising: receiving a selectedpasscode comprising an arrangement of inputs comprising two or moredifferent properties from a group comprising numbers, characters,symbols, colors, patterns, sounds, textures, topology, location,orientation, or relative position with respect to the interface, thepasscode being received on a user interface; and storing the selectedpasscode in a user database.
 11. The method of claim 10, wherein theinput properties are arranged with respect to a plurality of keys, eachkey comprising at least two different properties.
 12. The Method ofclaim 11, further comprising: re-associating the input properties suchthat none of the properties previously associated as a group with anykey remain as a group in their new association; receiving a secondarrangement of selected properties from the re-associated keys; andcomparing the selected passcode properties to the second arrangement ofselected properties.
 13. The method of claim 12, wherein a setidentifier of each property is stored as a property pattern with thepasscode.
 14. The method of claim 10, wherein each property is assigneda system interpretation value.
 15. The method of claim 10, wherein theproperties are organized into property sets.
 16. The method of claim 10,wherein each property set is assigned a set identifier.
 17. A system forpasscode validation comprising: a user interface display comprising aplurality of keys, each key comprising at least two different dynamicproperty options; a database in communication with the user interface,the database configured to receive selected property option informationfrom the user interface display, and the database configured to sendvariable property option information to the user interface display. 18.The system of claim 17, wherein the at least two different dynamicproperty options comprise at least two options from a group comprisingnumbers, characters, symbols, colors, patterns, sounds, textures,topology, location, orientation, or relative position with respect tothe interface.
 19. The system of claim 18, wherein the database sendsvariable arrangements of the at least two different dynamic propertyoptions after the database has received a selected property optioninformation from the user interface display.
 20. The system of claim 17,further comprising an operating system to select at least one randomproperty option from the database and transmit the at least one randomproperty option to the user interface display.